RHEL 5/6:flash-plugin (RHSA-2015:2593)

high Nessus 插件 ID 87304
全新!插件严重性现在使用 CVSS v3

计算的插件严重性默认已更新为使用 CVSS v3。没有 CVSS v3 分数的插件将回退到 CVSS v2 来计算严重性。可以在设置下拉列表中切换严重性显示首选项。

简介

远程 Red Hat 主机缺少安全更新。

描述

更新后的 Adobe Flash Player 程序包修复了多个安全问题,现在可用于 Red Hat Enterprise Linux 5 和 6 Supplementary。

Red Hat 产品安全团队将此更新评级为具有严重安全影响。可从“参考”部分中的 CVE 链接获取针对每个漏洞的通用漏洞评分系统 (CVSS) 基本分数,其给出了详细的严重性等级。

Flash 插件程序包包含兼容 Mozilla Firefox 的 Adobe Flash Player Web 浏览器插件。

此更新修复了 Adobe Flash Player 中的多种漏洞。
“参考”部分中列出的《Adobe 安全公告 APSB15-32》详述了这些漏洞,攻击者可利用这些漏洞创建特别构建的 SWF 文件,并在受害者加载包含恶意 SWF 内容的页面时,造成 flash 插件崩溃、执行任意代码或者泄露敏感信息。
(CVE-2015-8045、CVE-2015-8047、CVE-2015-8048、CVE-2015-8049、CVE-2015-8050、CVE-2015-8055、CVE-2015-8056、CVE-2015-8057、CVE-2015-8058、CVE-2015-8059、CVE-2015-8060、CVE-2015-8061、CVE-2015-8062、CVE-2015-8063、CVE-2015-8064、CVE-2015-8065、CVE-2015-8066、CVE-2015-8067、CVE-2015-8068、CVE-2015-8069、CVE-2015-8070、CVE-2015-8071、CVE-2015-8401、CVE-2015-8402、CVE-2015-8403、CVE-2015-8404、CVE-2015-8405、CVE-2015-8406、CVE-2015-8407、CVE-2015-8408、CVE-2015-8409、CVE-2015-8410、CVE-2015-8411、CVE-2015-8412、CVE-2015-8413、CVE-2015-8414、CVE-2015-8415、CVE-2015-8416、CVE-2015-8417、CVE-2015-8418、CVE-2015-8419、CVE-2015-8420、CVE-2015-8421、CVE-2015-8422、CVE-2015-8423、CVE-2015-8424、CVE-2015-8425、CVE-2015-8426、CVE-2015-8427、CVE-2015-8428、CVE-2015-8429、CVE-2015-8430、CVE-2015-8431、CVE-2015-8432、CVE-2015-8433、CVE-2015-8434、CVE-2015-8435、CVE-2015-8436、CVE-2015-8437、CVE-2015-8438、CVE-2015-8439、CVE-2015-8440、CVE-2015-8441、CVE-2015-8442、CVE-2015-8443、CVE-2015-8444、CVE-2015-8445、CVE-2015-8446、CVE-2015-8447、CVE-2015-8448、CVE-2015-8449、CVE-2015-8450、CVE-2015-8451、CVE-2015-8452、CVE-2015-8453、CVE-2015-8454、CVE-2015-8455)

所有 Adobe Flash Player 用户应安装此更新后的程序包,将 Flash Player 升级到版本 11.2.202.554。

解决方案

更新受影响的 flash-plugin 程序包。

另见

https://helpx.adobe.com/security/products/flash-player/apsb15-32.html

https://access.redhat.com/errata/RHSA-2015:2593

https://access.redhat.com/security/cve/cve-2015-8443

https://access.redhat.com/security/cve/cve-2015-8438

https://access.redhat.com/security/cve/cve-2015-8441

https://access.redhat.com/security/cve/cve-2015-8440

https://access.redhat.com/security/cve/cve-2015-8447

https://access.redhat.com/security/cve/cve-2015-8446

https://access.redhat.com/security/cve/cve-2015-8445

https://access.redhat.com/security/cve/cve-2015-8442

https://access.redhat.com/security/cve/cve-2015-8449

https://access.redhat.com/security/cve/cve-2015-8448

https://access.redhat.com/security/cve/cve-2015-8427

https://access.redhat.com/security/cve/cve-2015-8429

https://access.redhat.com/security/cve/cve-2015-8067

https://access.redhat.com/security/cve/cve-2015-8453

https://access.redhat.com/security/cve/cve-2015-8452

https://access.redhat.com/security/cve/cve-2015-8066

https://access.redhat.com/security/cve/cve-2015-8455

https://access.redhat.com/security/cve/cve-2015-8047

https://access.redhat.com/security/cve/cve-2015-8068

https://access.redhat.com/security/cve/cve-2015-8045

https://access.redhat.com/security/cve/cve-2015-8444

https://access.redhat.com/security/cve/cve-2015-8428

https://access.redhat.com/security/cve/cve-2015-8061

https://access.redhat.com/security/cve/cve-2015-8060

https://access.redhat.com/security/cve/cve-2015-8063

https://access.redhat.com/security/cve/cve-2015-8062

https://access.redhat.com/security/cve/cve-2015-8065

https://access.redhat.com/security/cve/cve-2015-8064

https://access.redhat.com/security/cve/cve-2015-8049

https://access.redhat.com/security/cve/cve-2015-8048

https://access.redhat.com/security/cve/cve-2015-8410

https://access.redhat.com/security/cve/cve-2015-8411

https://access.redhat.com/security/cve/cve-2015-8412

https://access.redhat.com/security/cve/cve-2015-8413

https://access.redhat.com/security/cve/cve-2015-8414

https://access.redhat.com/security/cve/cve-2015-8415

https://access.redhat.com/security/cve/cve-2015-8416

https://access.redhat.com/security/cve/cve-2015-8417

https://access.redhat.com/security/cve/cve-2015-8418

https://access.redhat.com/security/cve/cve-2015-8419

https://access.redhat.com/security/cve/cve-2015-8430

https://access.redhat.com/security/cve/cve-2015-8431

https://access.redhat.com/security/cve/cve-2015-8436

https://access.redhat.com/security/cve/cve-2015-8437

https://access.redhat.com/security/cve/cve-2015-8434

https://access.redhat.com/security/cve/cve-2015-8435

https://access.redhat.com/security/cve/cve-2015-8069

https://access.redhat.com/security/cve/cve-2015-8454

https://access.redhat.com/security/cve/cve-2015-8432

https://access.redhat.com/security/cve/cve-2015-8439

https://access.redhat.com/security/cve/cve-2015-8433

https://access.redhat.com/security/cve/cve-2015-8426

https://access.redhat.com/security/cve/cve-2015-8050

https://access.redhat.com/security/cve/cve-2015-8055

https://access.redhat.com/security/cve/cve-2015-8056

https://access.redhat.com/security/cve/cve-2015-8057

https://access.redhat.com/security/cve/cve-2015-8058

https://access.redhat.com/security/cve/cve-2015-8059

https://access.redhat.com/security/cve/cve-2015-8070

https://access.redhat.com/security/cve/cve-2015-8071

https://access.redhat.com/security/cve/cve-2015-8450

https://access.redhat.com/security/cve/cve-2015-8451

https://access.redhat.com/security/cve/cve-2015-8407

https://access.redhat.com/security/cve/cve-2015-8406

https://access.redhat.com/security/cve/cve-2015-8405

https://access.redhat.com/security/cve/cve-2015-8404

https://access.redhat.com/security/cve/cve-2015-8403

https://access.redhat.com/security/cve/cve-2015-8402

https://access.redhat.com/security/cve/cve-2015-8401

https://access.redhat.com/security/cve/cve-2015-8421

https://access.redhat.com/security/cve/cve-2015-8420

https://access.redhat.com/security/cve/cve-2015-8423

https://access.redhat.com/security/cve/cve-2015-8422

https://access.redhat.com/security/cve/cve-2015-8425

https://access.redhat.com/security/cve/cve-2015-8424

https://access.redhat.com/security/cve/cve-2015-8409

https://access.redhat.com/security/cve/cve-2015-8408

https://access.redhat.com/security/cve/cve-2015-8456

https://access.redhat.com/security/cve/cve-2015-8457

https://access.redhat.com/security/cve/cve-2015-8652

https://access.redhat.com/security/cve/cve-2015-8653

https://access.redhat.com/security/cve/cve-2015-8654

https://access.redhat.com/security/cve/cve-2015-8655

https://access.redhat.com/security/cve/cve-2015-8656

https://access.redhat.com/security/cve/cve-2015-8657

https://access.redhat.com/security/cve/cve-2015-8658

https://access.redhat.com/security/cve/cve-2015-8820

https://access.redhat.com/security/cve/cve-2015-8821

https://access.redhat.com/security/cve/cve-2015-8822

https://access.redhat.com/security/cve/cve-2015-8823

插件详情

严重性: High

ID: 87304

文件名: redhat-RHSA-2015-2593.nasl

版本: 1.25

类型: local

代理: unix

发布时间: 2015/12/10

最近更新时间: 2019/10/24

依存关系: ssh_get_info.nasl

风险信息

VPR

风险因素: High

分数: 8.9

CVSS v2

风险因素: Critical

基本分数: 10

时间分数: 8.7

矢量: AV:N/AC:L/Au:N/C:C/I:C/A:C

时间矢量: E:H/RL:OF/RC:C

CVSS v3

风险因素: High

基本分数: 8.8

时间分数: 8.4

矢量: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

时间矢量: E:H/RL:O/RC:C

漏洞信息

CPE: p-cpe:/a:redhat:enterprise_linux:flash-plugin, cpe:/o:redhat:enterprise_linux:5, cpe:/o:redhat:enterprise_linux:6, cpe:/o:redhat:enterprise_linux:6.7

必需的 KB 项: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

可利用: true

易利用性: Exploits are available

补丁发布日期: 2015/12/9

漏洞发布日期: 2015/12/10

参考资料信息

CVE: CVE-2015-8045, CVE-2015-8047, CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8060, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8407, CVE-2015-8408, CVE-2015-8409, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8415, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8438, CVE-2015-8439, CVE-2015-8440, CVE-2015-8441, CVE-2015-8442, CVE-2015-8443, CVE-2015-8444, CVE-2015-8445, CVE-2015-8446, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8451, CVE-2015-8452, CVE-2015-8453, CVE-2015-8454, CVE-2015-8455, CVE-2015-8456, CVE-2015-8457, CVE-2015-8652, CVE-2015-8653, CVE-2015-8654, CVE-2015-8655, CVE-2015-8656, CVE-2015-8657, CVE-2015-8658, CVE-2015-8820, CVE-2015-8821, CVE-2015-8822, CVE-2015-8823

RHSA: 2015:2593